Abstract: Systems and methods that may implement an Oracle-aided protocol for producing and using FHE encrypted data. The systems and methods may initially encrypt and store input data in one encrypted form that is not performed using FHE, which does not substantially increase the size of the data and storage resources required to store the encrypted data. In accordance with the Oracle-aided protocol, the encrypted data is re-encrypted as FHE encrypted data when FHE encrypted data is required.

Abstract: The present invention provides methods and apparatuses for verifying that a transaction is legitimate. The methods and apparatuses use protected memory space, such as kernel space of an operating system, or a separate memory space, such as is available on a SIM card of a cellular phone. The method of the invention proceeds by creating a transaction identification string (TID) and associating the TID with a transaction. The TID contains data relevant to or associated with the transaction and is typically readable by an end-user. The transaction is then interrupted until a user responds in the affirmative to allow completion of the transaction. Methods and devices used in the invention are particularly well suited to M-commerce, where transactions originating from a device are typically recognized by a merchant as coming from the owner of the device without further authentication.

Abstract: A computer-implemented method according to one embodiment includes identifying a topic associated with a received notification, determining a plurality of policies associated with the topic, determining a current environmental context, determining a generalization level, utilizing the plurality of policies and the current environmental context, modifying the notification, based on the generalization level, and presenting the modified notification.

Abstract: Systems and methods for implementing a secure and efficient cryptographic protocol for analyzing data objects while providing assurances of data privacy and security. A data object may be obfuscated and provided for analysis (e.g., to a data analytics service) without necessarily providing access to the (e.g., plaintext) data object. For example, a first computing entity and second computing entity may agree upon a function or circuit that performs a certain type of computational task, such as comparing a first data set controlled by the first computing entity and a second data set controlled by the second computing entity. An event-driven function may be invoked by the event-driven compute service in response to detecting satisfaction of a condition as part of monitoring alerts that are generated as a result of the output of the computational task described above.

Abstract: A system and method allows an app to be used to signal a server to authenticate a user using two factor authentication. The app is one previously associated with a user account, optionally using a different form of two factor authentication.

Abstract: A computer-implemented method, which comprises: receiving an input message comprising N-bit input segments, N being an integer greater than one; converting the N-bit input segments into corresponding N-bit output segments using a 2N-by-2N one-to-one mapping stored in a non-transitory storage medium; and generating an output message comprising the N-bit output segments. Also, a computer-implemented method for a recipient to validate a message received from a sender, the message including a first part and a second part. This method comprises receiving a token from a witnessing entity; obtaining a first data element by joint processing of the first part of the message and the token; obtaining a second data element by joint processing of the second part of the message using a key associated with the sender; and validating the message by comparing the first and second data elements.

Abstract: A method for validating access to data files using a combination of secure data values includes: storing at least a first check value and a seed value in an account profile; receiving a data request message including at least a first data value, a second data value, a timestamp, and a data file request from a computing device; identifying a second check value using a predetermined algorithm applied to at least the seed value and the timestamp; validating the first data value using the first check value and the second data value using the second check value; and transmitting one or more data files indicated in the data file request to the computing device upon successful validation of the first data value and the second data value.

Abstract: Embodiments of the present disclosure provide a system for data characterization and tracking via cohesive information units. In particular, the system may be structured to define a cohesive information unit (“CIU”) which may serve as the fundamental functional unit that serves as the basis for data electronically stored, transferred, modified, and/or copied within computing systems. Each CIU may be electronically associated with metadata which serves to identify the CIU as the CIU is stored and/or in motion. Rather than allowing applications and/or users to change the data within the CIU directly, the system may write subsequent CIU's to reflect proposed changes by the applications and/or users. In this way, the system provides a secure and reliable way to maintain authenticity of data within the entity system.

Abstract: According to one aspect of the present invention, an information processing apparatus includes a determination unit that determines whether an identifier extracted from a one-way communication packet received from a sensor includes a first value indicating another information processing apparatus as a legitimate destination, a second value indicating a user different from a user of the information processing apparatus as the legitimate destination, or a third value indicating a sensor different from a sensor associated with the information processing apparatus as an origination, and a transmission unit that transmits, to a server, a second packet in which the first, the second, or the third value is stored, if the identifier includes the first, the second, or the third value.

Abstract: Systems and methods described herein provide a private network management service for enterprise networks with wireless access. The systems and methods receive, within a provider network and from a user of a private network, parameters for multiple subscription profiles; associate the multiple subscription profiles with an identifier for the private network to create private network subscription profiles; store the private network subscription profiles; and provide at least a portion of the private network subscription profiles from a core network of the provider network to an authentication proxy in the private network. The authentication proxy performs authentication for end devices locally based on the private network subscription profiles.

Abstract: Access is temporarily allowed to selected enterprise resources. A request to carry out an action is received from a private device. The private device is associated with an enterprise device, which has one or more enterprise policies in place. One or more steps for carrying out the requested action are defined, and it is determined that at least one policy from the enterprise policies is required for at least one of the steps. It is also determined that the at least one policy is in place on the private device. The private device is then allowed to carry out the requested action according to the at least one policy.

Abstract: Adaptive network security policies can be selected by assigning a number of risk values to security intelligence associated with network traffic, and identifying a number of security policies to implement based on the risk values.

Abstract: Access is temporarily allowed to selected enterprise resources. A request to carry out an action is received from a private device. The private device is associated with an enterprise device, which has one or more enterprise policies in place. One or more steps for carrying out the requested action are defined, and it is determined that at least one policy from the enterprise policies is required for at least one of the steps. It is also determined that the at least one policy is in place on the private device. The private device is then allowed to carry out the requested action according to the at least one policy.

Abstract: A method, apparatus, and system for managing information technology services. A current security assurance level for an information technology service related to security in an organization is determined based on assessment information about security factors for the information technology service and performance information about a group of current security controls for the information technology service. A target security assurance level for the information technology service is determined based on a criticality of the information technology service. A graphical representation of a difference between the current security assurance level and the target security assurance level on a display system is displayed.

Abstract: The present disclosure provides a fluid-optical encryption system and a method thereof. The fluid-optical encryption system uses a fluid surface that changes topology over time to modulate the wave front of an electromagnetic signal in an encryption, decryption, authentication or other communication system. The electromagnetic signal can be pulsed or continuous, coherent or non-coherent, and can be optical or in another wavelength range such as micrometer or infrared. The information carrying signal is either transmitted through the fluid system or reflected off the surface of the fluid system. The fluid system time dependent change can be induced by mechanical vibration in the fluid container, distorting the fluid container, acoustic waves through the fluid, or by surface tension changes at the boundary of the fluid cause by electrowetting or electrostatic effects. The fluid surface can exhibit patterns that oscillate or change periodically, or change in a chaotic manner.

Abstract: The disclosure relates to user-centric access to blockchain-based services accessed through a telecom network. User devices may each include a Digital Passport Application (“DPA”), which may be stored at an eSIM of the user device. The DPA may be directed to and anchor to an Edge Digital Gate (“EDG”) entitled to provide access to blockchain-based services. The DPA may store a digital persona that digitally represents an entity such as a user or machine so that the DPA may access and interact with blockchain-based services on behalf of the entity. For instance, the digital persona may bind a physical identity of the entity with a digital identity through a private key of the entity. The private key may be used to digitally signed the access token. The digital persona may further link the digital identity with one or more (typically multiple) virtual identities each associated with a blockchain-based service.

Abstract: Disclosed are methods, apparatus, systems, and computer readable storage media for providing access to a private resource in an enterprise social networking system. One or more servers may receive a request for access to a private resource to be granted to a user from a publisher. The publisher may be configured to publish a message as a feed item to one or more feeds, where the message includes a user identification identifying the user. The user does not have access to the private resource. The feed item may be provided to display in the one or more feeds. Access may be granted to the user via the one or more feeds. In some implementations, access may be granted in response to a user input from the feed item associated with a moderator or owner, the moderator or owner having a privilege to control user access to the private resource.

Abstract: An example operation may include one or more of identifying a new block to be created for a blockchain via a new block creation cycle, executing chaincode stored in the blockchain, identifying one or more credentials assigned as one credential per registered member organization of the blockchain based on the chaincode, validating the one or more credentials and determining consensus is satisfied via a consensus service, and creating the new block responsive to the consensus being satisfied.

Abstract: The present invention provides a method and a device for generating an HD wallet name card and a method and a device for generating an HD wallet trusted address. The method for generating the HD wallet name card comprises: first signature information is obtained by digitally signing first user information with a first private key; second signature information is obtained by digitally signing second user information with a first trusted private key; and the first user information, the second user information, the first signature information and the second signature information are integrated to generate the HD wallet name card. The present invention is advantageous in that the wallet information is digitally signed with the preset first trusted private key and the first private key, thus preventing the HD wallet name card from being forged, intercepted, and modified by a third party so as to ensure the security of transaction.

Abstract: Systems and methods for transmitting critical data to a server are provided. The data structure intended for transmission to the server is divided up on the client side into a substructure containing critical data (CD) and a substructure not containing CD. The substructure containing CD is further divided up at the client side into at least two substructures and the resulting substructures are sent consecutively to the server via a node with a transformation module. The substructure not containing CD is sent directly to the server, bypassing the node with the transformation module. After receiving the substructures, they are combined at the server side into a single data structure. The critical data are data with respect to which the law of the state in whose jurisdiction the client or an authorized entity is located imposes restrictions on the gathering, storage, accessing, dissemination and processing thereof.